diff --git a/manila/share/drivers/cephfs/cephfs_native.py b/manila/share/drivers/cephfs/cephfs_native.py
index 7d0bbddba7..bc173c3bf5 100644
--- a/manila/share/drivers/cephfs/cephfs_native.py
+++ b/manila/share/drivers/cephfs/cephfs_native.py
@@ -213,6 +213,17 @@ class CephFSNativeDriver(driver.ShareDriver,):
 
         ceph_auth_id = access['access_to']
 
+        # We need to check here rather than the API or Manila Client to see
+        # if the ceph_auth_id is the same as the one specified for Manila's
+        # usage. This is due to the fact that the API and the Manila client
+        # cannot read the contents of the Manila configuration file. If it
+        # is the same, we need to error out.
+        if ceph_auth_id == CONF.cephfs_auth_id:
+            error_message = (_('Ceph authentication ID %s must be different '
+                             'than the one the Manila service uses.') %
+                             ceph_auth_id)
+            raise exception.InvalidInput(message=error_message)
+
         auth_result = self.volume_client.authorize(self._share_path(share),
                                                    ceph_auth_id)
 
diff --git a/manila/tests/share/drivers/cephfs/test_cephfs_native.py b/manila/tests/share/drivers/cephfs/test_cephfs_native.py
index 2b92a40a12..e3a6eee40d 100644
--- a/manila/tests/share/drivers/cephfs/test_cephfs_native.py
+++ b/manila/tests/share/drivers/cephfs/test_cephfs_native.py
@@ -87,6 +87,7 @@ class CephFSNativeDriverTestCase(test.TestCase):
         self._share = fake_share.fake_share(share_proto='CEPHFS')
 
         self.fake_conf.set_default('driver_handles_share_servers', False)
+        self.fake_conf.set_default('cephfs_auth_id', 'manila')
 
         self.mock_object(cephfs_native, "ceph_volume_client",
                          MockVolumeClientModule)
@@ -190,6 +191,15 @@ class CephFSNativeDriverTestCase(test.TestCase):
                               'access_to': 'alice'
                           })
 
+    def test_allow_access_same_cephx_id_as_manila_service(self):
+        self.assertRaises(exception.InvalidInput,
+                          self._driver._allow_access,
+                          self._context, self._share, {
+                              'access_level': constants.ACCESS_LEVEL_RW,
+                              'access_type': 'cephx',
+                              'access_to': 'manila',
+                          })
+
     def test_deny_access(self):
         self._driver._deny_access(self._context, self._share, {
             'access_level': 'rw',
diff --git a/releasenotes/notes/fix_cephx_validation-cba4df77f9f45c6e.yaml b/releasenotes/notes/fix_cephx_validation-cba4df77f9f45c6e.yaml
new file mode 100644
index 0000000000..f202c59206
--- /dev/null
+++ b/releasenotes/notes/fix_cephx_validation-cba4df77f9f45c6e.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - Check the Cephx ID used when granting access to a CephFS share to make
+    sure it's not the same as the one Manila uses to communicate with the
+    Ceph backend.